The prevalence of nuisance calls and fraudulent calls on the telephone networks has reached an alarming level. Attempts have been made to regulate end-user telecommunication activity. For example, the Telephone Consumer Protection Act (TCPA) was passed by Congress in 1991 to regulate the use of auto-dialers and prerecorded messages. The specifics of the regulation and the courts' interpretation are complex and sometimes difficult to decipher, but the essence of the law is to safeguard consumer privacy by mandating that robocallers obtain consumer consent before placing any ‘non-emergency’ robocall towards the consumer's cell phone. The Truth in Caller ID Act was passed by Congress in 2007. It prohibits any person or entity from knowingly transmitting misleading or inaccurate Caller ID information with the intent to defraud, cause harm, or wrongly obtain anything of value. If no harm is intended or caused, spoofing is not illegal. For instance, it is not illegal for websites to allow consumers to place calls with spoofed caller-id numbers. The Fair Debt Collection Practices Act (FDCPA) was passed by Congress in 1977 to eliminate abusive debt collection practices by debt collectors. It prohibits debt-collectors from calling before 8 a.m. or after 9 p.m., calling a consumer's place of employment, or using deceptive caller id practices. Furthermore, collections agencies are required to make meaningful disclosure of their identity when calling a debtor.
Unfortunately, in practice these laws have proven to be virtually unenforceable. For example, telephony carriers are unable to put in place effective enforcement measures to enforce the rules and regulations implementing the Truth in Caller ID Act and the Telephone Consumer Protection Act (TCPA) because the carriers lack insight to caller intent and legitimacy. To prevent activities prohibited by these laws, carriers would be required to collect prohibitive quantities of personal, privacy-protected information not germane to the carrier's provisioning telecommunications services. At the same time, landline and mobile subscribers are plagued by unsolicited calls, calling scams, phishing and identity theft, automated robocallers, and other forms of unwanted communication.
A level of trust in a caller's identity should be determined to enable the carrier and subscriber to discern illegal calls from legitimate calls, and solicited calls from unwanted nuisance calls. Efforts to do this, however, are thwarted by abuse of the technologies available by unscrupulous callers. For example, to avoid detection and perpetrate their illicit calling schemes, bad actors often hide their identity by withholding identifying information, pretending to be another entity (as in spoofing another telephone number), or outright impersonating another party (as in phishing scams). Many low cost Internet phone services allow end-users to customize the caller-id-name displayed to other end-users. Accordingly, caller-id-name alone does not provide reliable information for accurately identifying a caller. One example of this is that scammers impersonating bank personnel will often customize their caller-id-name to display “Card Services,” “Customer Svc,” or similar. There are many other reported examples highlighting the various types of abuse by bad actors engaged in telephony abuse and unwanted commercial or illegal solicitation.
Accordingly, there is a need for a way of assigning a level of trustworthiness to incoming calls in a telephony system. Due to the nature of telephony and the large number of incoming calls that would need to be processed from previously unseen callers, technical problems arise in being able to assign trustworthiness levels in a manner that is accurate, fast enough to deal with telephony-scale traffic, and capable of adapting to new tactics on the part of unscrupulous callers.